LRQA Nettitude Blog

Many organizations have gone out and bought SIEM appliances which are either in-house or outsourced to an external security operations center. We have highlighted the top five areas for organizations to review, when they deploy SIEM technology, or utilize a security operations center function. This guide is designed to help improve SIEM coverage, and provide confidence to the organization that they are getting the most from their security operations center providers.

Every organization that either builds a security operations center or subscribes to the services of a managed security services provider (MSSP) hopes that the SOC is able to prevent, detect and respond to cyber related attacks. However, there is huge amounts of variability in SOC services, and it is very common for organizations to build or leverage SOC services that are mismatched to the threats that they face.

A cyber breach is probably one of the most disturbing events that a CISO could encounter. Nettitude has worked with many organizations that have experienced cyber incidents, and provides consulting guidance to organizations to mitigate the threat from cybercrime. Here are our top five things that successful CISOs do to mitigate against the risk of a cyber breach.

We frequently get contacted by organizations after they have experienced a data breach.  All too frequently the incident comes as a complete shock, and the reason that they find out it because they are contacted by a 3^rd party.  We have compiled our top 5 reasons why organizations don’t detect a cyber breach.

Here at Nettitude, we have been delivering penetration tests for clients for more than a decade.  Over the last 10 years, we have seen the industry mature. Many organisations understand what penetration testing is, and as a consequence, it has become an integral part of many organisations' information security programs. However, more often than not, organisations ask us to focus on the technical aspects of a penetration test and ignore the social aspects. In many instances, we are told that ‘management’ doesn’t want to look at social engineering, and as a consequence, can we provide services that focus on the technology only?